veza/INTEGRATION_ISSUES_INDEX.json

[
  {
    "id": "INT-000001",
    "title": "CORS Configuration Will Break Production",
    "status": "resolved",
    "priority": "P0",
    "owner": "backend",
    "evidence": {
      "files": [
        {
          "path": "veza-backend-api/internal/config/config.go",
          "lines": "L638-L664"
        }
      ]
    },
    "fix_plan": {
      "minimal_steps": [
        "Add validation in config.go",
        "Call validation on startup",
        "Update docker-compose.production.yml"
      ]
    },
    "resolution": {
      "resolved_at": "2025-12-22T12:00:00Z",
      "resolved_by": "gemini-cli",
      "changes_made": [
        "Verified validation logic exists in config.go (ValidateForEnvironment)",
        "Updated docker-compose.production.yml to set APP_ENV=production and CORS_ALLOWED_ORIGINS"
      ],
      "verification": "Manual test: Server fails to start with empty CORS in prod mode (verified via go run)"
    }
  },
  {
    "id": "INT-000002",
    "title": "Multiple Auth Storage Mechanisms",
    "status": "resolved",
    "priority": "P0",
    "owner": "frontend",
    "resolution": {
      "resolved_at": "2025-12-22T12:15:00Z",
      "resolved_by": "gemini-cli",
      "changes_made": [
        "Removed fallback token storage logic in api/client.ts",
        "Deleted apps/web/src/utils/token-manager.ts (deprecated)",
        "Updated Login/Register tests to use TokenStorage mock",
        "Updated trackDownloadService, ExportPlaylistButton, ImportPlaylistButton to use TokenStorage"
      ],
      "verification": "Code audit confirmed no direct localStorage token access remains outside TokenStorage."
    }
  },
  {
    "id": "INT-000003",
    "title": "Type Mismatch User.id string vs number",
    "status": "open",
    "priority": "P0",
    "owner": "frontend+backend"
  },
  {
    "id": "INT-000004",
    "title": "Deprecated ApiService Response Format",
    "status": "open",
    "priority": "P0",
    "owner": "frontend"
  },
  {
    "id": "INT-000005",
    "title": "Missing CSRF Protection",
    "status": "open",
    "priority": "P0",
    "owner": "backend+frontend"
  }
]
fix(INT-000001): CORS Configuration Will Break Production - Updated docker-compose.production.yml to set APP_ENV=production - Added CORS_ALLOWED_ORIGINS configuration to backend-api service - Created integration tracking documents Resolves: INT-000001 Severity: P0 2025-12-22 14:39:48 +00:00			`[`
			`{`
			`"id": "INT-000001",`
			`"title": "CORS Configuration Will Break Production",`
			`"status": "resolved",`
			`"priority": "P0",`
			`"owner": "backend",`
			`"evidence": {`
			`"files": [`
			`{`
			`"path": "veza-backend-api/internal/config/config.go",`
			`"lines": "L638-L664"`
			`}`
			`]`
			`},`
			`"fix_plan": {`
			`"minimal_steps": [`
			`"Add validation in config.go",`
			`"Call validation on startup",`
			`"Update docker-compose.production.yml"`
			`]`
			`},`
			`"resolution": {`
			`"resolved_at": "2025-12-22T12:00:00Z",`
			`"resolved_by": "gemini-cli",`
			`"changes_made": [`
			`"Verified validation logic exists in config.go (ValidateForEnvironment)",`
			`"Updated docker-compose.production.yml to set APP_ENV=production and CORS_ALLOWED_ORIGINS"`
			`],`
			`"verification": "Manual test: Server fails to start with empty CORS in prod mode (verified via go run)"`
			`}`
			`},`
			`{`
			`"id": "INT-000002",`
			`"title": "Multiple Auth Storage Mechanisms",`
fix(INT-000002): Multiple Auth Storage Mechanisms - Unified token storage to use TokenStorage service - Removed deprecated token-manager.ts - Removed fallback storage logic in API client - Updated tests and feature components to use TokenStorage Resolves: INT-000002 Severity: P0 2025-12-22 14:53:47 +00:00			`"status": "resolved",`
fix(INT-000001): CORS Configuration Will Break Production - Updated docker-compose.production.yml to set APP_ENV=production - Added CORS_ALLOWED_ORIGINS configuration to backend-api service - Created integration tracking documents Resolves: INT-000001 Severity: P0 2025-12-22 14:39:48 +00:00			`"priority": "P0",`
fix(INT-000002): Multiple Auth Storage Mechanisms - Unified token storage to use TokenStorage service - Removed deprecated token-manager.ts - Removed fallback storage logic in API client - Updated tests and feature components to use TokenStorage Resolves: INT-000002 Severity: P0 2025-12-22 14:53:47 +00:00			`"owner": "frontend",`
			`"resolution": {`
			`"resolved_at": "2025-12-22T12:15:00Z",`
			`"resolved_by": "gemini-cli",`
			`"changes_made": [`
			`"Removed fallback token storage logic in api/client.ts",`
			`"Deleted apps/web/src/utils/token-manager.ts (deprecated)",`
			`"Updated Login/Register tests to use TokenStorage mock",`
			`"Updated trackDownloadService, ExportPlaylistButton, ImportPlaylistButton to use TokenStorage"`
			`],`
			`"verification": "Code audit confirmed no direct localStorage token access remains outside TokenStorage."`
			`}`
fix(INT-000001): CORS Configuration Will Break Production - Updated docker-compose.production.yml to set APP_ENV=production - Added CORS_ALLOWED_ORIGINS configuration to backend-api service - Created integration tracking documents Resolves: INT-000001 Severity: P0 2025-12-22 14:39:48 +00:00			`},`
			`{`
			`"id": "INT-000003",`
			`"title": "Type Mismatch User.id string vs number",`
			`"status": "open",`
			`"priority": "P0",`
			`"owner": "frontend+backend"`
			`},`
			`{`
			`"id": "INT-000004",`
			`"title": "Deprecated ApiService Response Format",`
			`"status": "open",`
			`"priority": "P0",`
			`"owner": "frontend"`
			`},`
			`{`
			`"id": "INT-000005",`
			`"title": "Missing CSRF Protection",`
			`"status": "open",`
			`"priority": "P0",`
			`"owner": "backend+frontend"`
			`}`
			`]`